DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

How to do Session Transfer from one server to another in Haproxy?
Question
Layer 4 Load Balancing for WordPress Application with Apache
Question

Question

Cert-manager dns propagation error

I setup ssl with cert-manager on digitalocean kubernetes. The certs were being issue until I decided to add two subdomains to my ingress rules the already existing ones are about 4.

When I apply the ingress rules, it returns an error saying that the following error

E1208 13:37:06.384727 1 sync.go:184] cert-manager/controller/challenges “msg”=“propagation check failed” “error”=“DNS record for “subdomain.example.io” not yet propagated” “dnsName”=“subdomain.example.io” “resource_kind”=“Challenge” “resource_name”=“example-letsencrypt-certificate-4047343803-758986247-1121119393” “resource_namespace”=“production” “type”=“dns-01”

  • I can access the services via the domain names although ssl is not enabled.
  • When I remove the two new subdomains, the certs are issued for the previously existing subdomains in the ingress rules
  • I accessed the digitalocean droplet via ssh and ran nslookup for the domains and one of them returns the correct dns information while the other returns the error server can’t find api.subdomain.example.io: NXDOMAIN
Subscribe
Share
qbasicerDecember 8, 2020

I’m seeing DNS issues as well while provisioning certificates. My error is a little different though:

E1208 17:17:56.932846 1 sync.go:183] cert-manager/controller/challenges “msg”=“propagation check failed” “error”=“failed to perform self check GET request ‘http://www.example.ca/.well-known/acme-challenge/vPtOMYti6WOT7K7rCLNm8pod8EYL-o1t2wZyH1kK8sw’: Get “http://www.example.ca/.well-known/acme-challenge/vPtOMYti6WOT7K7rCLNm8pod8EYL-o1t2wZyH1kK8sw”: dial tcp: lookup www.example.ca on 10.245.0.10:53: no such host” “dnsName”=“www.example.ca” “resource_kind”=“Challenge” “resource_name”=“tls-certificates-gnkz7-1311519961-2702591492” “resource_namespace”=“default” “resource_version”=“v1” “type”=“HTTP-01”

The record works on my standalone droplet, and outside of DO. It does not seem to work from within the cluster from an Ubuntu pod.

root@my-shell-6f49bbd6bd-m4nfc:/# nslookup www.example.ca Server: 10.245.0.10 Address: 10.245.0.10#53

** server can’t find www.example.ca: NXDOMAIN

(www.example.ca is a stand-in for my actual DNS record)

cookieDOFebruary 20, 2021

OP, did you track down the root cause?

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Managed Kubernetes on DigitalOceanProduct

Create a cost-effective, ready-to-use Kubernetes cluster in minutes:

  • Simplify and streamline your automated application deployments
  • Save time with guided configuration
  • Focus more on your business while we monitor your Kubernetes control plane

Related

How to do Session Transfer from one server to another in Haproxy?
Question
Layer 4 Load Balancing for WordPress Application with Apache
Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up